def blog_user(user_id, blog_id):
# Obtains user edit in blog context.
user = auth.is_logged_in(request)
blog = Blog.load(blog_id)
permission = auth.is_blog_admin(user, blog)
user_to_edit = User.find(user_id)
return edit_user(user_to_edit, editing_user=user, context=blog_context, blog=blog)
def site_user(user_id, site_id):
# Obtains user edit in site context.
user = auth.is_logged_in(request)
site = Site.load(site_id)
permission = auth.is_site_admin(user, site)
user_to_edit = User.find(user_id)
return edit_user(user_to_edit, editing_user=user, context=site_context, site=site)
def blog_user(user_id, blog_id):
# Obtains user edit in blog context.
user = auth.is_logged_in(request)
blog = Blog.load(blog_id)
permission = auth.is_blog_admin(user, blog)
user_to_edit = User.find(user_id)
return edit_user(user_to_edit,
editing_user=user,
context=blog_context,
blog=blog)
def site_user(user_id, site_id):
# Obtains user edit in site context.
user = auth.is_logged_in(request)
site = Site.load(site_id)
permission = auth.is_site_admin(user, site)
user_to_edit = User.find(user_id)
return edit_user(user_to_edit,
editing_user=user,
context=site_context,
site=site)
def post(self):
login = self.get_argument("login")
password = self.get_argument("password")
password_confirm = self.get_argument("password_confirm")
if len(password) >= 4 and (password == password_confirm):
users = yield User.find(login=login)
if len(users):
self.write_error(500, "Already exist")
return
user = User(login=login)
user.set_password(new_password=password)
user.save()
self.set_secure_cookie("user", login)
self.get_user_from_cookies = lambda : login
session = self.project_session
session['current_user'] = user
session.save()
self.redirect("/")
else:
self.write_error(500, 'Incorrect password')
def user_edit(user_id, path, context, permission):
# Obtains user edit in system context.
user = auth.is_logged_in(request)
permission = permission(user)
user_to_edit = User.find(user_id=user_id) if user_id is not None else user
status = None
from core.error import PermissionsException
if request.method == 'POST':
if request.forms.getunicode('submit_settings') is not None:
from core.libs import peewee
user_to_edit.name = request.forms.getunicode('user_name')
user_to_edit.email = request.forms.getunicode('user_email')
try:
user_to_edit.save()
except peewee.IntegrityError:
status = utils.Status(
type='danger',
no_sure=True,
message=
'Error: user <b>{}</b> cannot be changed to the same name or email as another user.'
.format(user_to_edit.for_display))
else:
status = utils.Status(
type='success',
message='Data for user <b>{}</b> successfully updated.'.
format(user_to_edit.for_display))
# TODO: all actions could be consolidated w/o multiple status lines
if request.forms.getunicode('delete_permissions') is not None:
deletes = request.forms.getall('del')
try:
user.remove_permissions(deletes)
except PermissionsException as e:
raise e
status = utils.Status(
type='success',
message='Data for user <b>{}</b> successfully updated.'.format(
user_to_edit.for_display))
if request.forms.getunicode('submit_permissions') is not None:
permission_to_add = int(
request.forms.getunicode('permission_list'))
permission_target = request.forms.getunicode(
'permission_target_list')
target_site = None
target_blog = None
if permission_to_add != auth.role.SYS_ADMIN:
permission_target_item = permission_target[:5]
if permission_target_item == 'site-':
target_site = Site.load(permission_target[5:])
else:
target_blog = Blog.load(permission_target[5:])
user_to_edit.add_permission(permission=permission_to_add,
site=target_site,
blog=target_blog)
'''
what we should do:
- get any existing permission
- update it with the proper bitmask
then, when listing permissions,
go through and compare each bitmask against it
the bitmask needs to be all in one entry per site/blog/user object
it *might* work as we have it now but we'll need to test
we might need to order by level to make sure it works
'''
else:
if user_to_edit.last_login is None:
status = utils.Status(
type='success',
message='User <b>{}</b> successfully created.'.format(
user_to_edit.for_display),
)
import datetime
user_to_edit.last_login = datetime.datetime.utcnow()
user_to_edit.save()
tags = template_tags(user=User.find(user_id=user.id))
tags.status = status
try:
tags.permissions = auth.get_permissions(user_to_edit)
except PermissionsException:
tags.permissions = []
tags.editor_permissions = auth.get_permissions(user)
return edit_user(user_to_edit,
editing_user=user,
context=context(user_to_edit, path),
tags=tags)
def user_edit(user_id, path, context, permission):
# Obtains user edit in system context.
user = auth.is_logged_in(request)
permission = permission(user)
user_to_edit = User.find(user_id=user_id) if user_id is not None else user
status = None
from core.error import PermissionsException
if request.method == 'POST':
if request.forms.getunicode('submit_settings') is not None:
from core.libs import peewee
user_to_edit.name = request.forms.getunicode('user_name')
user_to_edit.email = request.forms.getunicode('user_email')
try:
user_to_edit.save()
except peewee.IntegrityError:
status = utils.Status(
type='danger',
no_sure=True,
message='Error: user <b>{}</b> cannot be changed to the same name or email as another user.'.format(
user_to_edit.for_display)
)
else:
status = utils.Status(
type='success',
message='Data for user <b>{}</b> successfully updated.'.format(
user_to_edit.for_display)
)
# TODO: all actions could be consolidated w/o multiple status lines
if request.forms.getunicode('delete_permissions') is not None:
deletes = request.forms.getall('del')
try:
user.remove_permissions(deletes)
except PermissionsException as e:
raise e
status = utils.Status(
type='success',
message='Data for user <b>{}</b> successfully updated.'.format(user_to_edit.for_display)
)
if request.forms.getunicode('submit_permissions') is not None:
permission_to_add = int(request.forms.getunicode('permission_list'))
permission_target = request.forms.getunicode('permission_target_list')
target_site = None
target_blog = None
if permission_to_add != auth.role.SYS_ADMIN:
permission_target_item = permission_target[:5]
if permission_target_item == 'site-':
target_site = Site.load(permission_target[5:])
else:
target_blog = Blog.load(permission_target[5:])
user_to_edit.add_permission(
permission=permission_to_add,
site=target_site,
blog=target_blog)
'''
what we should do:
- get any existing permission
- update it with the proper bitmask
then, when listing permissions,
go through and compare each bitmask against it
the bitmask needs to be all in one entry per site/blog/user object
it *might* work as we have it now but we'll need to test
we might need to order by level to make sure it works
'''
else:
if user_to_edit.last_login is None:
status = utils.Status(
type='success',
message='User <b>{}</b> successfully created.'.format(
user_to_edit.for_display),
)
import datetime
user_to_edit.last_login = datetime.datetime.utcnow()
user_to_edit.save()
tags = template_tags(user=User.find(user_id=user.id))
tags.status = status
try:
tags.permissions = auth.get_permissions(user_to_edit)
except PermissionsException:
tags.permissions = []
tags.editor_permissions = auth.get_permissions(user)
return edit_user(user_to_edit, editing_user=user,
context=context(user_to_edit, path),
tags=tags)
